The invention relates to computer software analysis and testing in general. Internet-based web applications often may allow users to upload computer files to the web application host computer in ways that may expose the host computer to malicious attacks. For example, a web application may store uploaded files in a web-accessible directory where no security constraints are applied. This may allow an attacker to upload a file having an extension, such as .ASPX, .PHP, or .JSP, that may be mapped to the server-side scripting engine. When the attacker accesses the uploaded file, it may be executed by the scripting engine, allowing the attacker to execute malicious code on the server.